If your organization is in the financial or health sector, you no doubt are familiar with the Gramm-Leach-Bliley Act (GLBA) or the Health Insurance Portability and Accountability Act (HIPAA). Both mandate specific actions to protect the security and privacy of customer and patient information, respectively. They affect how organizations collect, store, transmit and allow access to nonpublic information that can be individually identified to a customer receiving a financial product or service or a patient receiving health care. But neither act spells out specific hardware or software solutions that you need to implement to comply with the law.
IT is good at providing practical solutions to network management and security problems. Many of the technologies that apply to both GLBA and HIPAA, such as authentication schemes for identity management, encryption for data transmission, secure VPNs for remote access, and access controls for data storage, are in place. But IT is not so good at documenting the solutions used to meet the legal requirements in laws like GLBA and HIPAA. And that's where policy management can help.
Policy-management tools, such as BindView Policy Operations Center, bring together policy templates linked to specific requirements of GLBA and HIPAA. These templates can be used to form a written policy that addresses the legal requirements. In the case of GLBA, the policy can be tailored to the size and complexity of your organization; for HIPAA, it can be scaled to the cost of the solution. These policy tools not only apply the law, they also suggest industry practices to bring you toward compliance. For example, if your enterprise uses WLANs, BindView suggests IEEE WLAN security features, including WEP (Wired Equivalent Privacy) and MAC (Media Access Control) filtering, to protect customer information and assets. It also includes asset-protection standards for devices, such as firewalls and routers, and for operating systems. --Sean Doherty
Resources
GLBA Interagency Guidelines Establishing Standards for Safeguarding Customer Information
HIPAA Privacy Rules, aspe.os.
HIPAA Security Rules
"Final HIPAA Rules Hit the Street," (InformationWeek, Feb. 13, 2003)